A final note: One reason that your ISP's spam filter is better at detecting spam is because of multiple reporting of a given spam. Identical spam messages hit millions of inboxes. If only tens or dozens of people report them, it is relatively easy for the filter to catch future spams of that type. Your individual spam filter has to "learn" over several received spams, which is not nearly as effective. There are also third-party filters that attempt to collaborate among users, but they can't compare to the widespread watch that your ISP can attain

I find that Comcast's spam filter is much less effective than Outlook's (or Outlook.com). I also don't like to enable my ISP's spam filter for the occasional false positive. I like seeing all of the Spam filter folder on my PC so I can periodically scan it for false positives that I can then white list. I know I could periodically go to Comcast's web mail and check for false positives buts it's more of a pain than using my Email client.

RonR, I agree with most of what you've said. However, there are a couple of "DO NOTs" that I'd take issue with. I have an email account from my university. I supplement their use of SpamAssassin with a Sieve file which acts on the mail after SpamAssassin but before the mail comes to me. For several years, I've been quite successful at using whitelists and blacklists in the Sieve file. I've prevented lots of spam that way, as well as by tweaking the Sieve files to recognize certain spam patterns in the email headers. And though for years I would have agreed with you about not using any UNSUBSCRIBE mechanism, increasingly I've found that legitimate companies are offering this possibility, perhaps because they're sending a lot more mail to addresses they've bought. So now, if a company looks legitimate, I will make use of their UNSUBSCRIBE mechanism, and so far I haven't noticed any bad effects, just the effect I wanted: no more mail from that company.

Other than that, I agree with your DO NOTs, especially not using "challenge response" mechanisms, not forwarding chain emails, and NOT automatically downloading/viewing images in email. One more thing: the Out-of-Office messages can be dangerous. Especially these days, when it is relatively easy to get information about where someone lives, announcing to the world that you are out of the office or on vacation can be an invitation to burglars.

This thread has covered the gammit of SPAM fighting techniques -- both NEW and OLD, GOOD and BAD. I have been a pro-active SPAM fighter since I first started using email some 30-years ago. I still have a "compuserve.com" account that is now part of the AOL free email. I rarely get spam -- no more than 3-4 per month total -- on all of my accounts including gmail, compuserve (aol), earthlink and my ISP's account.

While most people will not be as proactive as I am, everyone can al least contribute to the battle against spam. Here is my short summary of EFFECTIVE ways to combat spam. Most of these ideas have already been expressed in this thread:

DO:

BE PROACTIVE!

Keep separate accounts for business if possible and use DISPOSABLE email addresses to register at free game or other questionable sites.
Earthlink offers multiple addresses as *random*@mypaks.net

Be vigilant about email attachments. There are trojans out there that will share your entire address book with the world. Often the malware will come from someone you know whose system has already been compromised.

Report spam using your email client or the website for the account. If you download to your client (I still use Outlook Express) you should consider "leaving a copy on the server" so that you can later go to the website and report any spam.

Make use of ADD-ONs to your browser or third party "interceptors" such as MailWasher. Many are out there.

If you want to do more, report spam to Spamcop, Spam@uce.gov, report_phishing.com, and the new (to me) knujno@coldrain.com. Most of these require that you formulate the forwarded email with complete HEADERS, so this method requires a bit more dedication.

DO NOT:

PUT UP WITH SPAM, NOR CONTRIBUTE TO THE PROBLEM!

Use WHITE/BLACK lists. Whether you blacklist individuals or entire domains, you are not likely to make a dent in SPAM. And whitelisting virtually guarrantees you'll have to go through your spam folder friequently. Exception: Use a whitelist for Grandma with all the grandkids on it. Then you won't have to show her how to delete the spam or worry that she might send money to Nigeria.

Use "challenge response" mechanisms, which require that the sender ask to be added to your whitelist. These challenge emails add untold traffic to the web as every spam you receive will generate another email, which many consider just as bad as the spam.

Forward those "chain" emails to "all your friends" with dozens of email addresses shown. They are often designed to do nothing more than "harvest" all those valid email addresses. If you must forward one of those, at least be sure to DELETE ALL the email addresses in the BODY of the message. Better yet -- Delete the whole thing!

Reply to spam or use any UNSUBSCRIBE links in spam. They NEVER work, but will often confirm that your address is valid.

Use the PREVIEW pane, or if you do, then DO as I do and turn off AUTO download of images, etc. Links embedded in emails that download from illicit websites can harvest your valid email address this way. Better to download images ONLY if you trust the base message.

Use "OOO" (Out-of-Office) or any other autoresponder to tell the recipient that you "... will respond when I return...", especially if you are only OUT for a few days. If you are on vacation, either check your mail periodically or arrange for your colleague to do so. Autoresponders should ONLY be used to respond to INFO requests or other routine responses where the recipient is EXPECTING a particular auto response. Out-of-Office responses are just more JUNK in our crowded inboxes.

Use "BOUNCE" mechanisms, including the feature in Mailwasher, which try to send a FAKE response as if your email was not valid. These bounces don't work because the "sender" is rarely the spammer himself, and the sending ISP can't/won't do anything. Many ISPs now detect and reject such attempts to impersonate your ISPs mail sender. BOUNCES are just more JUNK on the web.

A final note: One reason that your ISP's spam filter is better at detecting spam is because of multiple reporting of a given spam. Identical spam messages hit millions of inboxes. If only tens or dozens of people report them, it is relatively easy for the filter to catch future spams of that type. Your individual spam filter has to "learn" over several received spams, which is not nearly as effective. There are also third-party filters that attempt to collaborate among users, but they can't compare to the widespread watch that your ISP can attain.

In a nutshell: TAKE precautions and USE your ISPs Spam Button! You, too, can acheive a nearly spam-free inbox. -RonR

... I have an email account from my university. I supplement their use of SpamAssassin with a Sieve file which acts on the mail after SpamAssassin but before the mail comes to me. For several years, I've been quite successful at using whitelists and blacklists in the Sieve file. I've prevented lots of spam that way, as well as by tweaking the Sieve files to recognize certain spam patterns in the email headers.

Cyberdiva, I've used Mailwasher's filters successfully with sophisticated expressions to check headers and body content. Once identified as spam, the sender is blacklisted. The problem is, these days, networks of spam bots spew email from so many sources simultaneously, you'd have to blacklist half the planet to be effective. Whitelists are effective, but not everybody wants to block email from strangers, especially if you want to get new customers. While you may be preventing "lots" of spam by "tweaking," most people don't have the expertise or the inclination to put that much work into it. I no longer "tweak" Mailwasher filters. It just isn't expedient anymore given the new nature of spam.

Originally Posted by cyberdiva

... And though for years I would have agreed with you about not using any UNSUBSCRIBE mechanism, increasingly I've found that legitimate companies are offering this possibility, perhaps because they're sending a lot more mail to addresses they've bought. So now, if a company looks legitimate, I will make use of their UNSUBSCRIBE mechanism, and so far I haven't noticed any bad effects, just the effect I wanted: no more mail from that company.

Legitimate companies do NOT send spam. By all means you should use a legitimate company's UNSUBCRIBE link. Every Windows Secrets Newsletter has an unsubscribe link. So did the email advising me of your reply to my post because I am SUBSCRIBED to this thread. Some semi-legitimate websites will ask you to register your email address and then begin spamming you without asking. Even if there is a functional unsubcribe link for that particular sender, chances are your email has already been shared with several other semi-legitimate "partners." That's why you should use a disposable email address to register at such sites. Then, when you want to stop them from sending, you discard the email address. You may never be fully unsubscribed, otherwise.

My advice stands. NEVER use an unsubscribe link in any unsolicited email, even if it LOOKS legitimate.
If you DID NOT subscribe -- DO NOT unsubscribe!

Bottom line is you are being proactive, and that's what really counts. Thanks for your comments. ~RonR

Cyberdiva, I've used Mailwasher's filters successfully with sophisticated expressions to check headers and body content. Once identified as spam, the sender is blacklisted. The problem is, these days, networks of spam bots spew email from so many sources simultaneously, you'd have to blacklist half the planet to be effective. Whitelists are effective, but not everybody wants to block email from strangers, especially if you want to get new customers. While you may be preventing "lots" of spam by "tweaking," most people don't have the expertise or the inclination to put that much work into it. I no longer "tweak" Mailwasher filters. It just isn't expedient anymore given the new nature of spam.

Thanks, RonR, for your detailed response. If I used a whitelist as my only tool, I agree that I wouldn't be happy with the results. But I use a whitelist simply to be sure that addresses on the whitelist get through even if Spam Assassin's criteria mark them as spam. I accompany the whitelist with various blacklists/tweaks. Addresses that are not on my whitelist and are not caught by my blacklists/tweaks get through, so I get lots of mail from strangers but relatively little from spammers. I don't spend enormous amounts of time on this, but I confess that I do enjoy finding ways to keep spam out of my INBOX without zapping legitimate mail from strangers.

Originally Posted by ruosChalet

Legitimate companies do NOT send spam. By all means you should use a legitimate company's UNSUBCRIBE link. Every Windows Secrets Newsletter has an unsubscribe link. So did the email advising me of your reply to my post because I am SUBSCRIBED to this thread. Some semi-legitimate websites will ask you to register your email address and then begin spamming you without asking. Even if there is a functional unsubcribe link for that particular sender, chances are your email has already been shared with several other semi-legitimate "partners." That's why you should use a disposable email address to register at such sites. Then, when you want to stop them from sending, you discard the email address. You may never be fully unsubscribed, otherwise.

My advice stands. NEVER use an unsubscribe link in any unsolicited email, even if it LOOKS legitimate.
If you DID NOT subscribe -- DO NOT unsubscribe!

I should first make clear that I agree with you about not providing my primary email address to the majority of websites and forums that ask me to register. I have several less important email accounts that I use for such purposes. But my experience with unsubscribe links seems to have been different from yours. I receive a good deal of mail from companies with which I have had no prior contact. Sometimes, they're informing me about webinars or other services in which I have absolutely no interest, sometimes they're asking to meet to discuss their products because they think, incorrectly, that I have some influence over the IT purchases of the university for which I used to work, etc. etc. etc. These are not fly-by-night spammers but legitimate companies that are nonetheless sending me email that I did not request and do not want. As far as I'm concerned, this is spam. If I feel that the company is legitimate and it provides a way to unsubscribe, I will use it. So far, this has worked out well.

Even though our methods may differ, I think you and I are very much on the same page.

I went about it in a different way:
...
2. Rather than forward the emails in my problem account, I "pull" them from my problem account using Gmail POP3 access.
......

Hi SB, your 'pull and spam filter' approach sounds great and I want to use it on my account.
If my email ID is xzy@my.com how do I 'pull' it from the my.com external server into Gmail.
Initially I want to use IMAP so the files stay on the my.com server and I can manually delete when all is working ok.
Please give a bit more detail as I cant find any Gmail tool or setting to do the pulling.
Thanks in anticipation.
Graeme.

Hi SB, your 'pull and spam filter' approach sounds great and I want to use it on my account.
If my email ID is xzy@my.com how do I 'pull' it from the my.com external server into Gmail.
Initially I want to use IMAP so the files stay on the my.com server and I can manually delete when all is working ok.
Please give a bit more detail as I cant find any Gmail tool or setting to do the pulling.
Thanks in anticipation.
Graeme.

To Graeme,
"Pulling" your emails into Gmail only works using POP3, but you can choose to leave the original email on the server from which you are pulling. To do that, follow these instructions:

1. When you are in Gmail, click on the gear in the upper-right corner and then click on "Settings".
2. Click on the "Accounts" tab.
3. In the "Check mail from other accounts (using POP3)" section, click on the "Add a POP3 mail account you own" link.
4. In the next window, enter your xzy@my.com email address and click on the "Next Step" button.
5. In the next window, enter your password and use the pull-down to enter the POP server name. Also make sure the box in front of "Leave a copy of retrieved message on the server" is checked if you want to leave the email there. Also choose any of the other options you want and then click on the "Add Account" button.

The "pulling" process runs about once each hour. Sometimes I can't wait for that hour. Then, instead of having to get into settings to kick-off the "pulling" process from my several accounts I have listed, I use one of the Gmail Labs additions to add a button to the main Gmail page to make it a lot more convenient to force the "pulling" process. To do that, go to gear - Settings - Labs. NOTE: I just tried it and found that they no longer have it as a separate Labs application. I assume that means that anytime you create a "pull" account it automatically adds a button on the main Gmail page to kick off "pulling" from all your "pull" accounts. The button looks like a rectangle with an arrow forming almost a complete circle. It is positioned immediately to the left of the "More" button. Please let me know if you get that new button after you add a "pull" account. Thanks!

To Graeme,
"Pulling" your emails into Gmail only works using POP3, but you can choose to leave the original email on the server from which you are pulling. To do that, follow these instructions:
...
Stu

Hi Stu,
Thanks for your detailed info. Unfortunately the lack of IMAP is a problem as my wife and I use separate access to the email account and the pundits seem to say IMAP is better than Pop.

Web search for alternatives got me to GetMail as a possible solution, but as noted below it seems rather complex to implement on windows.

So I am not sure what to do next.
Graeme.

Eg. -- Getmail, a python replacement to Fetchmail. This is free software licensed under the GPL v2. More information is available on the Getmail project homepage.
But running Getmail on MS Windows needs the free Cygwin package and http://cygwin.com/Running says recent versions of Python under Cygwin requires a process known as "rebasing" your Cygwin installation; see details in Python developers' mailing list message. http://mail.python.org/pipermail/pyt...ly/036932.html
----

Hi Stu,
Thanks for your detailed info. Unfortunately the lack of IMAP is a problem as my wife and I use separate access to the email account and the pundits seem to say IMAP is better than Pop.

Web search for alternatives got me to GetMail as a possible solution, but as noted below it seems rather complex to implement on windows.

So I am not sure what to do next.
Graeme.

Eg. -- Getmail, a python replacement to Fetchmail. This is free software licensed under the GPL v2. More information is available on the Getmail project homepage.
But running Getmail on MS Windows needs the free Cygwin package and http://cygwin.com/Running says recent versions of Python under Cygwin requires a process known as "rebasing" your Cygwin installation; see details in Python developers' mailing list message. http://mail.python.org/pipermail/pyt...ly/036932.html
----

If Gmail is to pull all your emails from multiple email accounts into the one Gmail account, then what would be wrong with both of you then accessing the one Gmail account using IMAP? How you pull the emails INTO Gmail has nothing to do with how you ACCESS the emails once they are in Gmail. In fact, that's exactly what I do. I access my one Gmail account from 2 separate devices, my PC and my iPod Touch. Even though my Gmail account pulls emails from multiple accounts into the one Gmail account using POP3, my access to that one Gmail account is by IMAP.

Hello Stu, Thanks for your patience and help to clarify the issues.
We have several IMAP email a/cs accessed by my wife and I from different machines, and different places when one of us is travelling.
We can each read all the messages and when appropriate I delete messages for me and my wife deletes those for her. However, sometimes the wrong incoming message gets deleted and this is the problem I want to solve.
My plan is to have an account MyInboxArchive@gmail that sucks all incoming mail from all accounts and holds it to provide backup against accidental deletion. We dont need to use it for anything else, just to be a backup.
Agreed we could use the archive a/c as our working a/c but the messages from different incoming accounts are now in one large a/c making it is more difficult to review and keep clear separation for our different source accounts.
It is also essential to manage the message return addresses.
When I reply to an incoming message collected from the AA a/c the 'sent from' and 'reply to' fields should read AA. And when my wife replies to a message collected from the BB a/s the fields should read BB.
How is this done without extra hassle and risk of error and confusion to the recipient ?

A related issue which I have already solved is to automatically archive all sent messages. My solution uses the great Thunderbird setting which automatically adds a BCC on all outgoing messages. So all sent messages from any of our machines automatically includes BCC: MySentArchive@gmail. We have found this to be a great facility. When I am travelling, I can see what my wife has sent from the home computer and vv. Also if any of our computers fails, the email sent archive is preserved.
Thanks again for your comments,
Graeme.

Clearly you've given a lot of thought to your whole email system. Now I better understand what you're trying to do. The idea of this Windows Secrets Lounge discussion is mainly centered around spam. Since your concerns are more about archiving than spam, I hope others following this discussion aren't annoyed.

The "beauty" of Gmail, particularly as part of this Lounge discussion, is that it clearly has the best spam filters available. Although they are not perfect, I rarely find false positives or false negatives (but, of course, you ALWAYS should check the spam folder in ANY system to be 100% sure it's all spam). That's the main reason I use it as an intermediate email system. Your concern is focused on archiving. From your description, you've clearly worked out a quite clever Gmail based archive of all you and your wife's sent email. (You taught me that Thunderbird has an automatic BCC capability that I didn't know about.) For archiving all your received email, I still think the one "MyInboxArchive@gmail" account will meet your needs by pulling all your received email from all you and your wife's email accounts, so long as you remember to choose the "Leave a copy of retrieved message on the server" option for each account. Then do nothing more with this new Gmail account. Because it's just an archive, ALL the rest of your current email system stays as is and is used as you're currently using it. Wouldn't that work for you?
Stu

Hello Stu,
Thanks for your comments. My apologies to others on this thread for diverging from the topic.

I agree your suggested approach will work for archiving emails from my several source accounts. But it requires changing all the source email accounts to POP because Gmail does not auto-extract from IMAP. I want to keep using the source a/cs and do not wish to change to POP for all the normal reasons, eg I often get messages with large attachments and value the option to delete them on the server without first downloading them as required by POP.

Maybe I should start another thread on archiving. Again many thanks for your help in clarifying my needs.
Graeme

Hello Stu,
Thanks for your comments. My apologies to others on this thread for diverging from the topic.

I agree your suggested approach will work for archiving emails from my several source accounts. But it requires changing all the source email accounts to POP because Gmail does not auto-extract from IMAP. I want to keep using the source a/cs and do not wish to change to POP for all the normal reasons, eg I often get messages with large attachments and value the option to delete them on the server without first downloading them as required by POP.

Maybe I should start another thread on archiving. Again many thanks for your help in clarifying my needs.
Graeme

Email systems that I've seen are able to do POP and IMAP at the same time (i.e. Gmail). In other words, let's say you have a paid Yahoo account. The last time I checked, a paid Yahoo account could be accessed by both, POP and (I believe) IMAP, at the same time. So you would be able to have Gmail pull the received emails from Yahoo using POP while you access Yahoo from other places using IMAP. Other email systems, like the free Yahoo (last time I checked), do not offer POP or IMAP access. You have to access it directly online. Please check the email systems you use to see if they offer POP and IMAP. If so, you can use them at the same time. They don't interfere with each other, so long as you leave the emails on the server when setting up the "pull" (using POP) accounts in Gmail.

The one possible problem I DO see with what I'm suggesting for you is that, if an email comes into the inbox of one of your email accounts and you delete it via IMAP BEFORE Gmail has a chance to pull it down via POP, then that deleted email will never make it into the Gmail archive. The window of time when that could happen is about 1 hour, since Gmail pulls emails down via POP about once an hour. If you can live with that, it should work.
Stu